From 60704eb50ea11d9ab2e0c3a31e1a7cd2fac7abdc Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Thu, 6 Mar 2014 21:58:35 -0600
Subject: [PATCH] SEC-2511: Remove double ALLOW-FROM in X-Frame-Options header
---
 .../AbstractRequestParameterAllowFromStrategyTests.java | 2 +-
 .../writers/frameoptions/RegExpAllowFromStrategyTests.java | 4 ++--
 .../frameoptions/WhiteListedAllowFromStrategyTests.java | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
index 7aa9fc0184..ffa014ecec 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategyTests.java
@@ -73,7 +73,7 @@ public class AbstractRequestParameterAllowFromStrategyTests {
 assertThat( strategy
- .getAllowFromValue(request)).isEqualTo("ALLOW-FROM "+value);
+ .getAllowFromValue(request)).isEqualTo(value);
 }
 @Test
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
index 9830c9d571..0884971ccf 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategyTests.java
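Review bot: The expectation in AbstractRequestParameterAllowFromStrategyTests (`isEqualTo(value)`), and the matching ones in the RegExpAllowFromStrategyTests and WhiteListedAllowFromStrategyTests hunks, now pin `getAllowFromValue` to the bare origin, but nothing in this patch asserts the header that is finally written. All three changed files are tests, so the code that prepends `ALLOW-FROM ` is not visible here; if that prefix is ever added twice or dropped, these tests stay green while the response carries an `X-Frame-Options` value that browsers treat as invalid and ignore, which leaves the page frameable. A writer-level test that runs a strategy through the header writer and checks the full value, along the lines of `assertThat(response.getHeader("X-Frame-Options")).isEqualTo("ALLOW-FROM " + value);`, would cover the regression that SEC-2511 describes. The test method containing this assertion starts outside the hunk.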
@@ -33,11 +33,11 @@ public class RegExpAllowFromStrategyTests {
 request.setParameter("from", "http://abc.test.com");
 String result1 = strategy.getAllowFromValue(request);
- assertThat(result1, is("ALLOW-FROM http://abc.test.com"));
+ assertThat(result1, is("http://abc.test.com"));
 request.setParameter("from", "http://foo.test.com");
 String result2 = strategy.getAllowFromValue(request);
- assertThat(result2, is("ALLOW-FROM http://foo.test.com"));
+ assertThat(result2, is("http://foo.test.com"));
 request.setParameter("from", "http://test.foobar.com");
 String result3 = strategy.getAllowFromValue(request);
diff --git a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
index e4312f18cc..40c1060023 100644
--- a/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategyTests.java
@@ -38,7 +38,7 @@ public class WhiteListedAllowFromStrategyTests {
 request.setParameter("from", "http://www.test.com");
 String result = strategy.getAllowFromValue(request);
- assertThat(result, is("ALLOW-FROM http://www.test.com"));
+ assertThat(result, is("http://www.test.com"));
 }
 @Test
@@ -52,7 +52,7 @@ public class WhiteListedAllowFromStrategyTests {
 request.setParameter("from", "http://www.test.com");
 String result = strategy.getAllowFromValue(request);
- assertThat(result, is("ALLOW-FROM http://www.test.com"));
+ assertThat(result, is("http://www.test.com"));
 }
 @Test
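Review bot: In the RegExpAllowFromStrategyTests hunk the accepted cases now expect the `from` request parameter to come back verbatim, so the returned string is client-supplied text that presumably ends up in a response header. The visible cases cover two hosts that should match and one (`http://test.foobar.com`, asserted outside the hunk) that should not; there is no visible case for a value that merely begins with an allowed origin. Consider adding one, e.g. `request.setParameter("from", "http://abc.test.com.example.org");` (constructed value) with the same expectation as `result3`, to pin that the pattern is matched against the whole parameter. The pattern itself and the start of the test method are outside the hunk, so this may already be covered there.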